IP Camera Hardening and Cybersecurity Guide
Secure Configuration and Operation of IP Cameras
Data subject to change without notice | August 22 | Security Systems / Video Systems...
Table of contents
Introduction
IP Camera Hardening
Hardening Levels
Hardening Overview
Feature Description and Hardening Decisions
Defense in Depth
Firmware protection
Authentication & Access Control
Network Layer
Operational Environment
Physical Security
Network Separation...
Internet, requiring additional security measures. The following document can be used as a system-hardening recommendation for Bosch Video Surveillance Cameras describing secure settings as well as hardening recommendations for the environment and security features of the cameras.
RTSP is used for video streaming, but is normally unencrypted. If the software receiving the video stream is capable of using RTSPS, it is recommended to disable plain RTSP. When using other Bosch components (e.g. decoders / BVMS / VRM / DIVAR IP), a Bosch proprietary encryption for RTSP can be enabled, making transmission secure.
IP cameras can be mounted in very remote locations, making it hard to do maintenance work or a factory reset in case access to the camera has been locked. Bosch offers the possibility to reset the password of a camera via a challenge-response mechanism based on a secure public / private key mechanism.
Cloud based services
Bosch offers its own cloud-based services to manage cameras over the Bosch Cloud Portal. The cloud services do not automatically connect to the cloud and are disabled by default. Each camera needs to be connected to the cloud portal first if it should be used.
Here is an overview of the main security functions of the IP camera.
Firmware protection
3.1.1 Firmware Signing
Each firmware update file is encrypted and signed by a Bosch certificate. Only updates published by Bosch can be installed on the cameras, avoiding installation of malicious firmware.
3.1.2 Secure Boot
Cameras of platforms CPP13, CPP14 or newer feature a Secure Boot mechanism.
Network Layer
3.3.1 Transport Security
To ensure the privacy of passwords, settings and video data, only encrypted network protocols should be used.
HTTPS
For encrypting the communication with the camera (either web-based interface, API or video streaming), HTTPS is supported to guarantee the proper encryption of data.
Operational Environment
Bosch IP cameras can be used in a wide range of scenarios, either in a closed CCTV-style network or connected to the cloud as an IoT device. Here are some recommendations for the operational environment to provide maximum security to the device.
SIEM System
A Security Information and Event Management (SIEM) system is used to collect and analyse information from different devices and systems. The cameras can be integrated with a SIEM system by sending the logs via syslog protocol. Analysing these logs can help with maintenance, detect configuration errors or attacks on the camera (e.
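The kind of analysis a SIEM performs on camera syslog data, shown as an added example that is not taken from the Bosch guide: it decodes the syslog PRI field and raises one alert when a single source reaches a threshold of failed logins on one camera within a time window. The sample lines, host names, message wording ("login failed user=... src=..."), the year and the threshold are all constructed assumptions, not the cameras' actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed RFC 3164-style sample. The message wording after the hostname is
# an assumed format for illustration, not the cameras' actual log text.
SAMPLE = """\
<36>Aug 22 10:00:01 cam-lobby auth: login failed user=service src=192.0.2.10
<36>Aug 22 10:00:09 cam-lobby auth: login failed user=service src=192.0.2.10
<38>Aug 22 10:00:12 cam-lobby auth: login ok user=live src=192.0.2.50
<36>Aug 22 10:00:18 cam-lobby auth: login failed user=admin src=192.0.2.10
<36>Aug 22 10:00:20 cam-dock auth: login failed user=service src=192.0.2.77
<36>Aug 22 10:00:27 cam-lobby auth: login failed user=admin src=192.0.2.10
<36>Aug 22 10:00:41 cam-lobby auth: login failed user=admin src=192.0.2.10
<36>Aug 22 10:05:20 cam-dock auth: login failed user=service src=192.0.2.77
garbled line without a PRI header
"""

HEADER = re.compile(r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                    r"(?P<host>\S+) (?P<msg>.*)")
FAILED = re.compile(r"login failed user=(?P<user>\S+) src=(?P<src>\S+)")

def parse(line, year=2022):
    """Split one syslog line into fields; RFC 3164 timestamps carry no year."""
    m = HEADER.match(line)
    if m is None:
        return None  # not a syslog line: skip instead of crashing the collector
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"facility": pri >> 3, "severity": pri & 7, "ts": ts,
            "host": m["host"], "msg": m["msg"]}

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert once when a source hits `threshold` failed logins on one camera in `window`."""
    recent = defaultdict(list)  # (camera, source) -> [(time, user), ...]
    alerts = []
    for line in lines:
        ev = parse(line)
        hit = FAILED.search(ev["msg"]) if ev else None
        if hit is None:
            continue
        key = (ev["host"], hit["src"])
        kept = [(t, u) for t, u in recent[key] if ev["ts"] - t <= window]
        kept.append((ev["ts"], hit["user"]))
        recent[key] = kept
        if len(kept) == threshold:  # fires on the crossing, not on every later failure
            alerts.append({"camera": key[0], "source": key[1], "first": kept[0][0],
                           "last": ev["ts"], "users": sorted({u for _, u in kept})})
    return alerts
```

Calling `detect_bruteforce(SAMPLE.splitlines())` returns a single alert for the constructed source 192.0.2.10 against cam-lobby; the two failures on cam-dock are five minutes apart and stay below the threshold.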
Check for Security Advisories
To check if there are known security vulnerabilities, please check the following page: Security Advisories | Bosch Security and Safety Systems I Global
Reporting Security Vulnerabilities
It is an essential part of the Bosch Quality Promise that we provide product security and protect our customers’ privacy throughout the entire product life cycle. To achieve this, Bosch established a global Product Security Team and made security an integral part of Bosch’s processes.